Sql Server Buffer Overflow
Results 1 to 4 of 4

Thread: Sql Server Buffer Overflow

  1. #1
    Senior Member
    Join Date
    Jan 2002
    Posts
    682

    Sql Server Buffer Overflow

    i had double check this...since i was pretty sure i posted simething like this last week...turns out this is a different buffer overflow...it's so confusin...there's so many



    INFORMATION ALERT
    AN EMERGING ISSUE WITH:
    MICROSOFT SQL SERVER (VERSIONS 7 AND 2000) BUFFER OVERFLOW
    SEVERITY:
    Medium
    DATE:
    February 21, 2002
    SUMMARY:
    On February 20, Microsoft released a security bulletin describing a
    buffer overflow in its SQL Server version 7 and 2000. Attackers can
    use the buffer overflow to either stop or crash the SQL server
    entirely, or to execute any command on the system that the SQL
    server itself can execute. Administrators should download and install the patch from
    Microsoft as soon as is practical.

    EXPOSURE:
    Microsoft SQL servers can connect to other data sources using an "ad
    hoc" connection. An ad hoc connection connects a database to its
    data source temporarily, when the effort to set up a more permanent
    connection is not justified. The buffer overflow occurs in the code
    that enables this type of database connection.

    If the attack is successful, the attacker will be able to do
    anything the SQL service itself can do: delete files, add files,
    change data in the database, etc. The only restriction on the
    attacker's actions would be those imposed by the operating system on
    the SQL service. Most SQL servers are installed with only user level
    permissions, limiting what an attacker can do without a further
    attack to elevate those privileges to administrator level.

    If the attack is unsuccessful, the SQL service itself will probably
    crash as a result of the attempt, requiring a manual restart of the
    service.

    If you allow traffic to or from your SQL server, then it may be
    possible for an attacker to exploit this vulnerability as long as
    the attacker can pass a query to the vulnerable server. To do this,
    the attacker would need to gain access to an account on the server
    by: compromising a Web application; sniffing a user name or password
    off the wire (not all SQL authentication uses strong encryption);
    social engineering; or guessing the password for a known username.
    I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  2. #2
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    I'll check the sql servers. thks zigar, any idea on the fix? post it if you get it.
    Trappedagainbyperfectlogic.

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    682
    I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  4. #4
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    got it thks.
    Trappedagainbyperfectlogic.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •